Posted by: David Harley | May 23, 2018

Mac Cryptomining

Malwarebytes put up an interesting analysis of a new Mac Cryptominer: New Mac cryptominer uses XMRig.

Cryptomining malware targeting Mac users isn’t something we hear a lot about, but in his article Thomas Reed points out that: “Mac cryptomining malware has been on the rise recently, just as in the Windows world. This malware follows other cryptominers for macOS, such as Pwnet, CpuMeaner, and CreativeUpdate.”

David Harley

Posted by: David Harley | May 20, 2018

Disconcerting Android stories and one bit of good news

…at least the story that Android will insist that device makers will implement patches is worth a cheer or three, even if it is long overdue…

David Harley

Posted by: David Harley | May 12, 2018

Apple and Android news

David Harley

Posted by: David Harley | April 25, 2018

Evil maids and Apple debugs

Bleeping Computer: macOS App Can Detect Evil Maid Attacks. Describes Do Not Disturb from Patrick Wardle, a free open-source utility that detects ‘evil maid’ (physical access) attacks on Macs.

The Register: Apple debugs debugger, nukes pesky vulns in iOS, WebKit, macOS – “Cook’s Cupertino crew corrects coding cockups”

David Harley

Posted by: David Harley | April 21, 2018

Miscellaneous mobile malfeasance

TechNode: China’s latest data theft case shows tracking a mobile phone costs less than $2 a month

Sophos: Google in hot water over privacy of Android apps for kids

Bleeping Computer: iOS Trustjacking Attack Exposes iPhones to Remote Hacking. Roy Iarchy for Symantec: iOS Trustjacking – A Dangerous New iOS Vulnerability

Trend Micro: XLoader Android Spyware and Banking Trojan Distributed via DNS Spoofing

David Harley

Posted by: David Harley | April 17, 2018

Android: shady security apps

Useful interview with ESET’s Lukáš Štefanko, following up on his article on near- or completely-useless Android apps. Makes some very good points.

Fake or not fake – that is the question

“ESET’s analysis of shady apps pretending to be security – or “antivirus” – apps that were discovered on Google Play left some questions unanswered. Lukáš Štefanko, who did the research, speaks about its wider consequences.”

David Harley

Posted by: David Harley | April 17, 2018

Miscellaneous Android issues…

Security Research Labs: Mind the Gap – Uncovering the Android patch gap through binary-only patch analysis (HITB conference, April 13, 2018)

Commentary by Help Net: Your Android phone says it’s fully patched, but is it really?

E Hacking News: New malware strikes panic among B’luru bank customers – “The bankers in Bengaluru claimed to have discovered a new malware that helps the hackers siphon off money from a number of bank accounts … The policemen probing the cyber crime initially talk of MazarBot, a malware, used to sent some SMS to the bank account holders’ smart phones which provides the hackers with the banking details of the accountholders.


David Harley

Posted by: David Harley | April 16, 2018

Free Android apps with poor password security

The Register: Android apps prove a goldmine for dodgy password practices

“And password crackers are getting a lot smarter…An analysis of free Android apps has shown that developers are leaving their crypto keys embedded in applications, in some cases because the software developer kits install them by default.”

Summarizes research described by Will Dormann, CERT/CC software vulnerability analyst, at BSides.

David Harley

Posted by: David Harley | April 16, 2018

Firefox for iOS: tracking protection by default

Mozilla: Latest Firefox for iOS Now Available with Tracking Protection by Default plus iPad Features.

Commentary from Sophos: Tracking protection in Firefox for iOS now on by default – why this matters

David Harley

Posted by: David Harley | April 14, 2018

Android insecurity & spyware targeting Uyghur population.

The Register: Exposed: Lazy Android mobe makers couldn’t care less about security  “Never. Is never a good time to get vulnerability fixes? Never is OK with you? Cool, never it is”

Graham Cluley for Bitdefender: China forces spyware onto Muslim’s Android phones, complete with security holes. Links to Adam Lynn’s report for the Open Technology Fund: App Targeting Uyghur Population Censors Content, Lacks Basic Security

Older Posts »